[40838] in North American Network Operators' Group
Re: should i publish a list of cracked machines?
daemon@ATHENA.MIT.EDU (Mitch Halmu)
Thu Aug 23 12:13:52 2001
Date: Thu, 23 Aug 2001 11:59:42 -0400 (EDT)
From: Mitch Halmu <mitch@netside.net>
To: Jim Mercer <jim@reptiles.org>
Cc: nanog@merit.edu
In-Reply-To: <20010823115338.B10630@reptiles.org>
Message-ID: <Pine.SOL.3.91.1010823115519.1785t-100000@sunny.netside.net>

On Thu, 23 Aug 2001, Jim Mercer wrote:
> i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
>
> in any case, i found a file in the cracker's directory containing what i think
> is a list of other servers which might be hacked.
> i think the list also includes the passwords for using the trojan.
>
> on my server, i found a trojan daemon, allowing ssh on a 14000 series port.
>
> i was gonna just post the list of hosts here, but then, maybe not.
>
> what is the appropriate feeling?

Suggest you first notify CERT. If the list is manageable in size, perhaps
you may also want to write to the sysadmins/network owners whose boxen
were compromised. Publishing such a list in the open may not be such a hot
idea, for obvious reasons...

--Mitch
NetSide